Tianrenu

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A flaw exists in itsourcecode Student Management System that allows for remote SQL injection. The issue is located in the `/ramonsys/enrollment/controller.php` file, specifically through manipulation of the `ID` argument within an unknown function. The exploit for this issue has been publicly released. **Recommendations** Apply any available updates or patches for itsourcecode Student Management System version 1.0. As a temporary workaround, restrict access to the `/ramonsys/enrollment/controller.php` file. Avoid using the `ID` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the `ID` argument within an unknown function of the `/ramonsys/facultyloading/index.php` file, leading to a SQL injection condition. This allows for remote exploitation. The details of the exploit have been publicly disclosed. **Recommendations** Apply any available updates or patches for itsourcecode Student Management System version 1.0. As a temporary workaround, restrict access to the `/ramonsys/facultyloading/index.php` file. Sanitize the `ID` parameter before using it in any database queries.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Student Management System version 1.0 **Description** A flaw exists in itsourcecode Student Management System that allows for SQL injection. Manipulation of the `ID` argument in the file `/ramonsys/soa/index.php` can lead to unauthorized access and potential data compromise. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.